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(57) Abstract 

A secure computer controlling access 
to data storage devices via a card reader. A 
microprocessor-controlled card reader inter- 
face logically connected to the card reader 
and the central processing unit (CPU) of the 
computer reads and writes information from 
and to a card placed in the card reader and 
performs additional functions in response to 
commands received from the CPU. The card 
reader interface includes an encryption en- 
gine for encrypting data in a data storage 
device and a boot ROM containing verifica- 
tion program code executed during an ini- 
tialization procedure. The verification pro- 
gram verifies that a valid user card has been 
placed in the card reader, reads one or more 
questions from the user card, asks the ques- 
tions of the user and verifies the answers 
against the contents of the card. If autho- 
rization is verified, the card reader interface 
permits the user to access the encrypted data. 
Otherwise, the user is denied access to the 
data by one or more of the following meth- 
ods: freezing the system bus. and requiring 
the user to reset the computer and re-enter 
the verification program; logically destroy- 
ing the data in the data storage devices; and 
physically destroying the. data storage de- 
vices. 
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I«EB(X3TIWDTECnON FOR A DATA SECURTIY SYSTEM 

5 Technical Field of the Inventicgi 

The present invention pertains generally to conputer security 
systems, and more particularly to a microprocessor-controlled system for 
controlling vscr access to and dissemination of secure data stored in a secure 
computer. 

10 Background of tfie Invention 

There has been an enormous increase in the use of conputers 
for processing and storing sensitive information in a wide variety of 
commercial and government plications. Conpiter systems have evolved 
from large systems with restricted access to small systems which may be 

15 portable and easily accessed by several users. As conqxMients have become 
more easily accessible and as demand for easy computCT access has spread, 
there has arisen a greater need for the protection of sensitive Hata 

One method for securing access to conq>uter systems is to 
restrict the physical access to the computer systOTi, however, such restriction 

20 is ineflScient for typical conputer system installations which fevor shared 
access and increased portability. The cost of securing conputer systems by 
restricting physical access is also prohibitive. 

Another method for providing security of sensitive data is to 
use a program to restrict access to the conputer system. However, this 

25 method has cb^wbacks. For instance, an unauthorized user can often bypass 
the security program or routines which invoke the security program to gain 
access to the compute system Even if the security program proves to be 
difiBcult to bypass, the unauthorized user can sin:;)ly remove the information 
stored in the conputo* by removing the memory or monitoring the data bus. 

30 For example, a hard drive could be removed from the conpiter and installed 
in another con^niter to read the contents of the hard drive. 

To prevent sudi unauthorized access and retrieval of sensitive 
information, srasitive data may be destroyed either logically or physically. 
Logical destruction requires that any data destroyed be unintelligible to 

35 another user after the destruction process has taken place. The storage media 
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will typically still be reusable. An exanple of a logical destruction program 
is a program vMch erases the sensitive files on a hard drive wdien an 
unauthorized access is detected. Pl^ical data destruction, on the other hand, 
requires catastrophic destruction of the storage media to ensure that the 
5 contents in the storage media are irretrievably lost. 

In some plications die program destroying the logical data 
fails to con:q)letely destroy the data and advanced data retrieval techniques 
may be employed to recover traces of logically destroyed infomiatioa For 
exanple, information on a hard drive of a con^Duter may be recovered by 
10 methods vs^ch detect previously written and erased binary words from trace 
magnetic remnants of the words. If the logical destmction methods are only 
partially effective, physical destruction techniques may also be required to 
ensure that the data is destroyed and cannot be recovered. 

It may be desirable to restrict access to particular peripheral 
15 devices on a conpiter or workstation, rather dian restricting access to the 
entire compviST system. Modem conpiter security systems fail to provide 
such restricted access. 

ThCTefore, thare is a need m the ait for a con^utear security 
system vMch prohibits unauthorized access and vHnch is not vulnerable to 
20 bypass yet maintains the portability and flexibility inherent in a modon 
coopiter system. There is a further need to provide conplete protection of 
sensitive data such that the data may not be recovered by bypassing the data 
protection system or by physical removal of data storage devices. Finally, the 
system must also provide conplete destruction of sensitive data to prevent 
25 retrieval of data traces. 

Summary of the Invention 
To overcome these and other shortcomings and limitations in 
the art which will become q>parait to those skilled in the art upon reading 
and understanding the following detailed description, the present invention 
30 provides a system for controlling access to sensitive information on a 

conputer without conipiiomising the security of sensitive data The preset 
invention restricts conputer access to audiorized users. In addition, it detects 
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attenpts to imitate an airthorized user to gain access. Further, the present 
invention provides for configurable logical and physical destruction of 
sensitive data, and provides means for adjusting the threshold requirement for 
destruction and the level of destruction to suit the d^ee of security required 
5 for the information stored on tiie conputer. Finally, the present invaition 
provides a means, under the control of a centralized authorization security 
administrator, for limiting access to portions of the overall computer system 
depending on the access privileges configured for each individual user. 

In one embodiment of the present invention, a microprocessor- 

10 controlled card reado* interface logically connected to the CPU of the 

conputer reads and writes information fi^om and to an integrated circuit card 
("card" or "smart card") placed in the card reader. The informalicm read is 
presented to the CPU to determine \^ether the user is authorized to use the 
coirputo; the CPU then specifies vAndi peripherals tiie user is authorized to 

15 access. A card reader interface board logically connected to the data and 
address buses of a compater monitors address bus of die compvter and 
restricts access to the data storage devices and configurable ports in the 
system and executes a spedal voification program to verify authorization of 
the user. 

20 According to one embodimait of the present invention, whai a 

valid user card is placed in the card reader one or more questions are read 
fi-om the card and displ^^ to the user. The user's responses are compared to 
the correct ansvras stored on the card and, if the responses match the correct 
answers, the CPU is allowed to access all paipherals the user has been 

25 authorized to use. Conputer security is inp-oved by coordinating 

identification infomiation received fi-om the card, usct, and conpiter RAM to 
ensure proper verificatioa The system requires that the same card, usct, and 
CGsnputear be used to control access. 

In one embodiment of this invention, the system provides for a 

30 method of initializing and authorizing a user card wifli a security administrator 
card a valid security administrator card being placed in the card 
Tcadsc, a security administrator initializes and authorizes one or more 
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individual user cards by selecting from a list of menu options displayed to the 
security administrator. The security administrator inputs a list of questions 
and answers whidi are then stored on the user card for use during die 
verification procedure. 
5 In one embodiment of the present invention, the system 

provides for a hierarchy of access privileges by encoding access codes direcdy 
on the card vdridi allow users with superior access privileges to access data 
on conputers of users with inferior access privileges. The same coding 
system prevents die users with inferior access privileges from accessing the 

10 conputers of those with si4)erior access privileges. 

In one embodiment of die presort invention, the system 
provides for the physical or logical destruction of data in response to 
unauthorized attenpts by a user to violate the physical or logical integrity of 
the conputer syston. The pltysical and logical destruction of data may be 

IS disabled for maintoiance or configuration purposes by use of a maintenance 
card 

The preceding and odier features and advantages of die 
invention will become fiirther qTparent from the detailed description that 
follows. This description is acconpanied by a set of drawing figures. 
20 Numerals are mq)loyed throughout the written desaiption and the drawings to 
point out die various features of this invoition, like numerals refbring to like 
features diroii^bout 

Brief DescripticHi of the Drawings 
In the drawings, v^ere like numerals describe like conponents 
25 throu^out the several views: 

FIGURE 1 A is a pospective view of a first anbodiment of a 
secure cotnpatcr system iirplemented according to the present inventicMi; 

FIGURE IB is a block diagram showing the high-level 
architecture of a first mibodimait of a secure confer system inplemented 
30 according to the present invention; 
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FIGURE IC is an electrical block diagram showing the 
microprocessor-controlled card reader interface for a first embodiment of a 
secure conputer system according to the present invention; 

FIGURE ID is a perspective view of a second embodiment of a 
5 secure conputer system inplmimted according to the presait invention; 

FIGURE IE is a perspective view of a third embodiment of a 
secure conputer system inplemented according to fte present invention; 

FIGURE 2A is a block diagram of a compxiter system with a 
hard drive and interface board; 
10 FIGURE 2B is a block diagram showing how a conputer 

system with hard drive is modified to create a secure conputer system 
according to a second embodiment of the present invOTtion; 

FIGURE 3 is a blodc diagram showing the hig|i level 
ardntecture of a secure conputer syston according to a second onbodiment 
15 of the present invention; 

FIGURE 4 is a blodc diagram showing the hi^ levd 
architecture of one embodimoit of Ae control ASIC diown in FIGURE 3; 

FIGURE 5 shows a blodc diagram illustrating &e operation of 
one embodiment of the data steering networic shown in FIGURE 3; 
20 FIGURE 6 is a block diagram showing the load^ program and 

verification program resident in- Ae read only mraiory (ROM) of one 
embcxliment of the card reada- interfece board of FIGURE 3; 

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing 
program steps tak^ to initialize and execute the security portion of a secure 
25 computer system program according to the present invention; 

FIGURE 8 is a block diagram showiiig a hierarchy of access 
for us^ of a secure conputer system; and 

HGURE 9A and HGURE 9B illustrate a pictorial display of 
one embcxliment of a mounting sdieme used to co-locate a card reader and 
30 hard drive. 
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Detailed Specificarion of tfie Preferred Embodiments 
In the following detailed desaripticni of the preferred 
embodiments, reference is made to the aoconpanying drawings which form a 
part hereof, and in vAnch is shown by way of illustration specific 
5 embodiments in which tfie invention may be practiced It is to be understocxl 
that other embodiments may be utilized and stmctural changes may be made 
without departing frcMn the scope of the present invention 

FIGURE 1 A shows the conqxments of a conputer system to be 
secured with a card reader interface according to a first embodiment of the 

10 present invention This embodiment was shown in US. Patent No. 5,327,497, 
issued July 5, 1994, by Mooney, et al. The conputer system includes a 
keyboard 101 by which a user may input data into the systma, a can5>uter 
chassis 103 which holds electrical oomponents and peripherals, a so-eai 
display 105 by vAnch information is displayed to the user, and a pointing 

15 device 107, the system camponents logically connected to each other via tfie 
internal system bus of the conputer. A card reader 111 is connected to the 
secure conputer system via card reader intoface board 109. The preferr^ 
card reader 1 1 1 is an An5)henol® "Chipcani" acceptor device, part number 
702-10NK)08 5392 4794, which is compatible with hitemational Standards 

20 Qrgani2ation (ISO) specification 7816, althou^ one skilled in the art would 
readily recognizse tiiat oHher card reader devices wfaidi conform to ISO 7816 
may be substituted 

In order for the conpjter system to be secured, a card reader 
interface is integrated into the conpiter system in a manner similar to that as 

25 revealed in FIGfURE IB. A card readar inta:fece board 109 contains a 

mia-oprocessor 116 connected to tiie CPU oftheconputer via a second data 
bus 117, connected to RAM 127 via a third data bus 131, and connected to 
the card reader 111 via a fi)urth data bus 133. The interfece board 109 is 
typically implanented with printed circuit board tedmology, although other 

30 equivalmt technologies may be substituted without loss of gmCTality. 

Peripherals 121 within computer 103 are controlled by the CPU 123 and PLD 
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129 with a power control circuit 1 19, whidi turns power oflF and on to 
periphoals 121. A system boot ROM 126 logically connected to the CPU 
123 to start executing a non-volatile jrogram contained in PLD 129 upon 
initialization of the conputer during power-iq), clear, or wann-boot reset. 
5 An IC card 115 is used in conjunction with card reader 111. 

The preferred card 1 15 is a MICRO CARD® or GEMPLUS® card (for 
exanple, Scot 100, TBIOO, or COS IC cards), which is conpatible with ISO 
7816. By confonning to this standard, the card 115 aiables the siqjport of 
Data Encryption Standard (DES) data enoyption and decryption fimctions. 

10 One skilled in the art would readily recognize that othCT cards which conform 
to this standard and provide data mayption and decryption functions may be 
substituted The ability to enoypt and decrypt data is in^itant, since the 
present invention is designed to ensure that unenoypted sensitive data does 
not reside in the CPU v^ere it could be read by an unauthorized user. 

15 Ibe schematic for card reacfer interface 109 is described in 

greater detail in FIGURE IC. Microprocessor 1 16 is powered by circuit 135, 
and cmtrols system fimcticxis via connections to the system data bus 125. 
System resets are initiated by clear line 137. Validation and authorization 
information is transferred between Ae microprocessor 1 16 and RAM 127 via 

20 the third data bus 131 in conjunction with address or data select line 141, 

strobe line 143, and chip select line 145. Backup power is provided for RAM 
127 by a +5 volt lithium battery 139. 

The mio-oprocessor 116 comraunicates with systmi data bus 
125 as a serial communications device using CTS line 147, DTR line 149, 10 

25 MHz clock line 151, serial data out line 153, and serial data in line 155. A 
separate 3.5 MHz clock line 157 is used to provide a clock signal to PLD 
129, which is used by the microprocessor 1 16 for card reset control via line 
159, card serial data control via line 161, and card intemqTt control via line 
163. The PLD 129 in turn connects to the card via card serial data contact 

30 177, card clodc contact 179, and card reset contact 181. 

N^croprocessor 1 16 also has the ability to ccmtrol the physical 
destructic»i of data within the conpiter system via line 165. A physical 
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destruction device may be triggered using line 165 as a destnict signal. For 
example, line 165 may be connected to a mechanism containing a chemical 
solution Which is sprayed onto a hard disk contained in tfie secure conputer 
system when an unauthorizjed user attanpts to violate the physical or logical 
5 int^ty of the conputer system. Several destract mechanisms are tau^ in 
the prior art, and one of ordinary skill in Ae art would recognize that other 
equivalent destruction chemicals and mechanisms may be substituted without 
loss of generality. 

The microprocessor 1 16 uses power control line 173 with 

10 switch 171 and H-5 volt rel^ 175 to provide power to the card via card logic 
voltage si^ly contact 183 and card programming contact 187. The card is 
grounded via card ground contact 185, and detected by applying power 
through card detect power contact 191 to microprocessor 1 16 by card detect 
contact 189. Card contacts 193 and 195 and line 197 are reserved for fiiture 

15 use. 

FIGURE ID shows die conponents of a second embodimmt of 
a secure conputer system according to the present invention Secure 
con^uter syston 100 includes a keyboard 101 by which a user may inpat data 
into the syston, a ocanpatsar chassis 103 vAndti holds electrical coiiqx)netits 

20 and poipherals, a screen display 105 by which information is displayed to the 
user, a secure hard drive 113, and a pointing device 107, the system 
conqxttients logically connected to eadi other via the internal system bus of 
the conputer. A card reader 111 is connected to the secure conputer system 
via card reader interface board 109. As in the first onbodiment, the preferred 

25 card reader 111 is an Anphenol® "Qiipcard" acceptor device, part number 
702-10M008 5392 4794, vAnch is conparible with International Standards 
Organization (ISO) 781 6 specifications. One skilled in the art would readily 
recognize, however, that other card reader devices vMch conform to ISO 
7816 may be substituted FIGURE ID shows card reader 111 and secure hard 

30 drive 1 13 co-located in a single peri]:^eral b£^. Odier mounting techniques 
are available, however, vAiidSi would not modify the scope of the present 
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invOTtion, for example, positioning card reader 1 1 1 externally as shown in 
FIGURE IE 

FIGURES 2A and 2B illustrate the modifications required of a 
standard personal confer system 705 in order to create a secure conputer 
5 system 100 according to the present invratioa FIGURE 2A is a sinplified 
block diagram of a conputer system 705 commonly found in the prior art 
Central processing unit (CPU) 290 is connected to dedicated hard drive 
controller logic 710 vdiich serves as an interface for the conputer system to 
hard drive 113. Typically, hard drive controller logic 710 is a printed circuit 

10 board vAnch is installed in the backplane or integrated into the motherboard of 
conputer 100, and hard drive controller logic 710 is connected to hard drive 
1 13 using a multiconductor cable 720. Hard drive 1 13 may be mounted 
externally to conputer 705, or internally. 

FIGURE 2B shows how the standard perscmal conpiter 705 is 

15 converted to a secure compiiter systmi according to one embodiment of the 
present invention. In FIGURE 2B, secure conputer system 100 is formed 
adding integrated circuit (IC) card 115 and attaching card reader 111, cable 
730, and card reader interface board 109 to systrai 705. Card reado^ 111 may 
be added to tfie syst^ by ranoving cable 720 fix)m hard drive 1 13 and 

20 connecting it to card reader intCTface board 109, then connecting card reader 
1 1 1 to card reader interface board 109 via cable 731. Hard drive 113 is 
connected to card readCT interface board 109 using cable 730. 

Card reader 111 acts in concert widi card reader interface board 
109 to limit access to sensitive data stored both on hard drive 1 13 and card 

25 reader intaface board 109. Integrated circuit card 1 15 is preprogrammed with 
information used to verify that the user is authorized to access the sensitive 
data stored on hard drive 1 13. Security for sensitive data stored on hard drive 
1 13 is provided by requiring a minimum of three distinct sources of 
audiorizadon verification infomiation in order to access the sensitive data In 

30 order to gain access to the s^itive information stored on hard drive 113, 
both card 115 and card reader interface board 109 must presmt proper 
identification infomiation and the user must enter a series of predetemfiined 
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answers to a series of predetermined questions. If any of the sources of 
identification information is incorrect, board 109 may prevent access to tihe 
secure crapiter system 100 by fi-eezing the system bus 292 (requiring cycling 
of the system power to reset secure con5)uter system 100), logically 
5 destroying any srasitive data on ihe system, or physically destroying the 
storage devices containing sensitive information. 

The details of one embodiment of the present invention will be 
specified in greater detail using the following figures. FIGURE 3 is a detailed 
electrical block diagram of the secure conputer system 100 of FIGURE 2B, 

10 showing connections between card reader interface board 109, card reader 
1 1 1, secure hard drive 1 13, and central processing unit (CPU) 290. In tfie 
present invmtion, independent, dedicated data buses are enployed such that 
card reader int^iace board 109 communicates with card read^ 111 via card 
reader bus 225, hard drive 1 13 via hard drive bus 272, and CPU 290 via hard 

15 drive controller Ipgic 710 and syston bus 292. (hard drive bus 272 is 
analogous to cable 730 of FIGURE 2B and ^tem bus 292 is analogous to 
cable 731 of FIGURE 2B.) The utilization of independent dedicated data 
buses for communications with card reader 111, hard drive 113, and CPU 290 
deoeases tiie chances for retrieval of sensitive data and enoyption 

20 infcHmation, since systrai bus 292 transfers only unencrypted data to the 
connpjter system finom card reader int^face board 109. An unauthorized 
intruder would have to monitor all three buses to attenpt to decipher the 
encryption codes used and the method by \^iiich the security system interacts 
with the conputer system. 

25 FIGURE 3 also shows the interconnections of the con5X)naits 

on card reado: interface board 109. In one embodiment, the card reader 
intoface board 109 contains a Zilog Z86C61 16 processor 220 for controlling 
datatransferbetwemcardreaderlll, hard drive 113, and CPU 290. The 
Z86C6116 is an 8-bit data bus, 16-bit time-multiplexed address bus 

30 microprocessor specified in the Zilpg Z8 MicnxxmtrollCTS Book, DC8305-01 
(1993), \^di is incorporated herein by reference. Otho- microprocessors may 
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be readily substituted without materially aflFecting the scope of the present 
inventioa 

Processor 220 controls the transfer of data on card reader 
interface board 109 by issuing commands to control ASIC 230. Control ASIC 
5 230 acts as "glue logic," under control of processor 220, coordinating the 
operation of data steering networic 240, cipher engine 270, and processor 220 
to control information transfer between CPU 290, RAM 260, and hard drive 
113. 

Data steering network 240 is an 8-bit controllable input and 
10 ou^ut port circuit designed to allow processor 220 to communicate wiA 
RAM 260 and cipher engine (CE) 270, but to prevent unauthorized access by 
a user controlling system bus 292 to retrieve data from RAM 260. FIGURE 5 
is a block diagram showing the operatiOT of the data steering network 240. 
Data steering netwoik 240 essentially op^es as an dg^t bit wide 
IS bidirectional parallel multiplexer vAich limits data transfer from processor 220 
to RAM 260, or altanatively to GE 270 (and, therefore, potentially to system 
bus 292 if port A 274 and port C 278 of CE 270 is connected). Attenptsto 
read information from the address space assigned to RAM 260 wttch 
originate from the system bus 292 are inqx)ssible, since RAM 260 is logically 
20 isolated such that no address space exists from system bus 292 to access 
RAM 260. 

Returning to FIGURE 3, in one embodiment cipher engine (CE) 
270 is an 8-bit NSA certified DES encryption engine meeting specification 
DES 3. Such a device is manufectured by Conputer Hektronik as part 
25 number CE99C003, Further iiifcmiation detailing the operation of that 
OTibodiment of CE 270 may be found in CE Infosys 99C003 Data Sheet 
Vereion 1.01. 

CE 270 is controlled by processor 220 via data steering 
netwoik 240 by commands received at port C 278. CE 270 may be instructed 
30 by processor 220 to provide a data path between port C 278 and port A 274 
(no encryption) or between port A 274 and port B 276 (DES encrypted data 
ou^ from port B 276, and nonencrypted data from port A 274). During 
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system initialization a data path between data steering network 240 and 
system bus 292 is created using port C 278 and port A 274 vsdioreby 
nonenaypted data can be transferred under control of processor 220 to system 
bus 292 via hard drive controller logic 710. Once user authorization is 
5 verified and there are no pending security violations detected, CE 270 uses a 
key to DES encrypt data transmitted by port B 276 to hard drive 1 13. 
Similarly, CE 270 deciphers encrypted data fi'om hard drive 1 13 and presents 
it to system bus 292 via hard drive controller logic 710 vAicn port A 274 to 
port B 276 channel is allowed One skiUed in the art would readily recognize 

10 that otiber cipher engines which conform to the above-mentioned standards and 
support data encryption may be substituted without mataially modifying the 
spirit and scope of the presoit inventioa 

RAM 260 is subdivided into secure and open segments by 
tnssmary m^jping the secure segments such that diey are acc^ible only to 

15 processor 220. This prevents both acddental and intentional loss of secure 
information firom the RAM 260 to the system bus 292. RAM 260 is 
addressable only by processor 220 and contains DES base kernel key 
encryption information and answers to vaification questions retrieved fi'om 
card 115 by processor 220. The qpen portion of RAM 260 contains the 

20 verification questions retrieved fircoi card 115 and other nonsoisitive data 
As can be seen in FIGURE 6, ROM 280 contains loader 
program code 610 and verification program code 620 used by the CPU 290 
vpm initialization to load and execute the vmfication program. Since 
standard BIOS routines attempt to boot from the C: drive the use of ROM 280 

25 in concert with processor 220 and control ASIC 230 to simulate a C: drive 
allows the present invention to be used in the standard IBM conpatible 
personal computer witiiout having to modify the system BIOS (basic 
iiqnit/ou^ut system). 

Card 115 is used with card reader 11 1 under control of 

30 processor 220 to profvide tiie conpiter system 100 with information 
concerning DES aia:yption, verification questions and answers, user 
access privilege level, expiration date, origin of card issuance, and card usage 
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history. As in the first embodiment, the frcfored card 1 15 is a MIOIO 
CARD® or GEMPLUS® card (for example, Scx>t 100, TBIOO, or COS IC 
cards), v^^ch is conpatible with ISO 7816. One skilled in the art would 
readily recognize that otho* IC cards which conform to this standard and 
5 provide data aicrypliQn and decryption fimctions may be substituted without 
materially modifying the spirit and scope of the present invention 
LOGICAL & PHYSICAL DESTRUCT HARDWARE 

Control ASIC 230 also monitors attenpted unauthorized 
retrieval of data fi^om the protected storage devices and presents information 

10 to processor 220 if control ASIC 230 detects an attertpted unauthorized 
access. Processor 220 monitors signals fi-om the control ASIC 230 and 
commands control ASIC 230 to issue a command to either logjcaUy or 
physically destroy protected information in RAM 260 or secure hard drive 
113. Ix>gical destruction of data (XI the RAM 260 is acconplished by 

1 5 asserting trigger signal 21 1 emanating fi-om processor 220, dearing the 

contents of RAM 260. Logical destruction of the sensitive data on hard drive 
1 13 follows naturally, since tiie DES enayption key synthesis information is 
destroyed vAicn the RAM 260 data is destroyed, and, without the DES k^, 
the infonnation cxi hard drive 1 13 is logically irretrievable. Physical 

20 destruction of data can also be acconplished by asserting physical destruct 
signal 212 emanating fi-om processor 220, as a means of triggering a physical 
destruct package 213. As in the first embodiment, several physical destract 
packages are disclosed in the prior art, such as a feme chloride spray or 
plastic e?q)losive package. 

25 Card reader interface board 109 also contains an extra defense 

against physical tanqjcring. In one embodimoit, a transistor circuit 210 is 
used to rapidly erase the contents of djynamic RAM 260. In such an 
embodiment, circuit 210 grounds the power pin of RAM 260 to erase the 
contents of RAM 26&. In nonnal q)eration, trigger signal 211 is not asserted, 

30 thCTeby allowing the collector of transistor dicuit 210 to remain at a voltage 
of q>proximately Vcc. In this mode of operation RAM 260 is powwed by the 
supply voltage Vcc wherdjy current travels throu^ diode 261 and fiise 263 to 
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RAM 260. If power is intOTupted the battery 200 provides currOTt to RAM 
260 through diode 262 and fuse 263. 

When the tri^er signal 21 1 is asserted (by processor 220) the 
collector of upn transistor 210 is forced to a low voltage and current flowing 
5 through diode 261 is sufficient to bum the fuse 263, thereby allowing the Vcc 
terminal of RAM 260 to drop to zero volts and erasing the logical contents of 
RAM 260. Alternatively, if Ae battery 200 is si^jplying RAM 260 with 
current, the trigger signal 211 will cause su£Gdent current to flow throu^ 
fuse 263 to bum fiise 263, and again, the voltage at the Vcc terminal of RAM 

10 260 will drop to zero volts and erase the logical contents of RAM 260. 
Processor 220 can initiate the logical destmct feature if control ASIC 230 
alerts processor 220 that an unauthorized access is being attenpted 

The logical and physical destruct medianisms described provide 
several different levels of data security. In one embodiment of the present 

15 invention th^e are five selectible security levels: 

1) Freeze the conpita: syst^ bus, requiring a "cold boot," 
(power off and then on or "reset"); 

2) Alter the contents of tiie int^rated circuit card so that 
the card must be ipdaied to be authorized for another session; 

20 3) Qear RAM 260 of the stored kemel for the encryption 

key; 

4) Logical destruction of RAM 260 memory, requiring 
reinitialization of RAM 260 before another session may be paformed on the 
conputCT system; and 

25 5) Plysical destruction of con:53uter system memory. 

Other security levels are possible and those skilled in the art will recognize 
that ccxnhinalions of these levels of security are possible without departing 
fi*om the scope and spirit of the present invention. 
INTERFACE BOARD CONTROL & COMMUNICATIONS 

30 Activities on the card xeadsac inter&ce board 109 are 

coordinated in part by code '^burned into" an internal ROM in {xocessor 220 
and in part by execution of an authorization voification program as detailed 
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below. Hiis allows processor 220 to respond to commands issued by CPU 
290 during the audiorization verification program execution, yet maintain 
security of sensitive data on card reader interface board 109 by acting as a 
dedicated controller of sensitive DES encryption data and authorization data 
5 Processor 220 communicates with control ASIC 230 to control data steering 
nrtwOTk 240 and ROM 280, and controls CE 270 using commands issued on 
bus 222 to CE 270 via data steering network 240. Processor 220 is solely 
responsible for communications with card reader 111, which enhances the 
overall security of the present invention since sensitive data is not placed on 

10 the system bus 292 where it is vulnerable to retrieval. 

Control ASIC 230 is connected to ROM 280 and data steering 
networic 240 using bus 223 and is also connected to the monitor and fi-erae 
control lines of CPU 290 which allows control ASIC 230 to "fireeze" system 
bus 292 upon danand by fi-eezing flie system bus 292 if a prohibited access is 

IS detected over the monitor lines. Control ASIC 230 sends a signal to 

processor 220*s INT intonq^t 221 \^en it fi:eez3es system bus 292 to infomi 
processor 220 that the bus was fixxzen, since processor 220 is not connected to 
system bus 292, 

Control ASIC 230 contains a counts (not shown) \Aich counts 

20 the numb^ of "sectors" rdrieved from ROM 280 during boot and loading 
functions (desaibed below) to simulate a hard drive interface to CPU 290. 
Processor 220 is notified by control ASIC 230 vAim the last byte of program 
inforaiarion is read from ROM 280 by CPU 290. Cipher Engine 270 routing 
is controlled by signals fixm processor 220 to control ASIC 230, and may be 

25 programmed to connect port A 274 to port C 278 to allow processor 220 to 
communicate with system bus 292 (and CPU 290), or connect port A 274 to 
port B 276 to allow CPU 290 to communicate with hard drive 1 13 once 
security conditions have been satisfied, as detailed below. 

FIGURE 4 is a block diagram of flie fimdamental conqxHionts 

30 of control ASIC 230. Control ASIC 230 includes a control register 950 with 
bits assigned for die control of data steering network 240 and ROM 280 via 
conlrol port (CP) 910. These hits ccmlrol vAether bus 222 is connected to 
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RAM 260 or CE 270 via data steering network 240. Similarly, the control 
bits assigned to the control of ROM 280 assist in the simulation of a C: drive 
during the BIOS initialization which is detailed below. Control register 950 is 
programmed by instructions from processor 220, and the status of the control 
5 bits may be deteramned by reads from processor 220 of status register 960 via 
processor port 980. INT port 900 is also connected to the control and status 
registers, and indicates vsiien the system bus 292 is "frozen" when a security 
violation is detected as described above. 

In one embodiment of the present invention, processor 220 

10 programs registers (not shown) in bus address monitor 930 by transmitting 
mask words to these registers via processor port 980. Each mask word 
conprises a programmable tenplate identifying authorized peripherals for the 
particular vscr as defined by the card 115 \^en issued by &e security 
administrator during the authorization visit, described below in the 

15 SECURITY ADMMSTllATORAUmORIZ^^ Control 
ASIC 230 is connected to systrai bus 292 (as shown in FIGURE 3) via bus 
port 920, and can therefore monitor the attsnsptsd accesses on systan bus 292 
and compare them with the teaq)lates stored in bus address monitor 930 using 
combinational logic 940 to determine if an unauthorized peripheral access has 

20 been attoiqited If an unauthorized peripheral access is attenpted one 

embodimrat of the presmt invention will freeze the system bus 292; secure 
conputer system 100 rraains unusable until a power cycle of conputer 100 
(to reset conputer 100) is perfonMd Port 920 of control ASIC 230 is 
connected to hard drive controller logic 710, as shown in FIGURE 3, in order 

25 to control access to hard drive 113 in a manna: known to those skilled in the 
art 

Bus address momtor 930 monitors system bus 292 references to 
poipheral devices sudi as serial and parallel ports, networks, and A or B 
floppy disks. Bus address monitor 930 monitors normal BIOS references 
30 during initialization, such as reset, warm, or poww-up boot, and momtors to 
d^ect attenpted prohibited accesses to doiied peripheral devices as defined 
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on card 115 during the authorization visit (see SECURITY 
ADMINISTRATOR AUTHORIZATION VISIT section below). 
DATA STEERING NETWORK 

Data steering network 240 is shown in a sinplified block 
5 diagram in FIGURE 5. Data steering networic 240 essentially acts as a 

bidirectional, eight bit parallel, steerable data channel. Control ASIC 230 can 
control \^^lether the eight bit bus 222 from processor 220 is connected to 
RAM 260 or CE 270 by decoding the address on bus 222 and selecting input 
20 of the data steering netwoik 240. Control ASIC 230 can also disable the 

10 data steering network 240 by toggling enable iiput 30 of data steering 
network 240. This operation also ensures that CE 270 is never directly 
connected to RAM 260 via data steering networic 240, adding to the 
protection of data stored in RAM 260. 
TYPES OF CARDS AND THEIR FUNCTION 

15 There are essentially tihree types of cards: maintenance, issuer, 

and user cards. Tlie maintenance card allows the user to access the systrai 
only for diagnostic purposes, but no sensitive data is accessible using the 
maintenance card An issuer card is the tqmiost card of the security 
hiCTardiy. It aiables the issuing program to configure a plurality of 

20 subordinate user cards. In one embodiment, usee cards can CTeate subordinate 
user cards and allow the user to access peripherals per privileges granted by 
the issuer during card configuratioa Hie user cards enable users to access the 
secure information on conputo* 100. 

One embodiment of Ae security hierardiy is shown in FIGURE 

25 8. Box 500 represents an issuer card called the issuing ojBSce card Box 501 
is also an issuer card called the security administrator's card The issuing 
ofiBce card 500 is used to create, tfie security administrator's card 501, vMch 
in turn creates subordinate user cards represented as tfie remaining boxes in 
FIGURE 8. In diis embodiment, the issuing of5ce card 500 may not access 

30 data in caaipviec system 100; its purpose is to create subordinate uso* cards, 
such as cards 510, 530 and 540. 
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SECURITY ADMINISTRATOR AUTHORIZATION VISIT 

The next section of the specification of die present invention 
requires a discussion of the information stored on the user card 115 prior to 
the first use of the card 1 15 by a user. A special card issue program is run on 
5 a conputer systan 100, as shown in FIGURE ID, which programs the user 
card 115 pursuant to ISO 7816 specifications. This programming is typically 
done by a seciirity administrator who is responsible for determining the scope 
of authorization of the particular user. Such a session is called an 
authorization visit 

10 Hie card issue program used to conduct an authorization visit 

will store in separate registers located on card 115: e?q)iration dale of the 
card; the code associated with the issuing office; the peripherals \^ch this 
particular viser may access with this card; a code id^fying the card as a 
maintenance card, issue card, or user card; the level of authorization of the 

15 user of the card (see the ACCESS HIERARCHY discussion of HGURE 8, 
below); a series of questions used to identify the user, and lbsk associated 
answers. 

A "first use" register is also dedicated to indicating w^iether the 
card has been used before to aUow tfie system to identify first use. First use 

20 presents an qjportunity to amfigure cmspvtcr system 100 by st<Ming in RAM 
260 sensitive data pertaining to the specific user. In the event the information 
on RAM 260 is erased, the first use register indicates that the card 115 was 
used at least once and the user will be required to report to die security 
administrator to have the card reissued before secure computer systmi 100 

25 will accept it 

A retry counts' r^stor is also programmed during the 
authorization visit wiiich contains a value specifying Ae number of errors a 
potmtial user can make in answmng tiie user identification questions before 
the system terminates Ae verification process. In addition, cstain information 
30 is stored in tihe card automatically vndec ISO 7816 spedficaticMi, such as the 
typQ of card vAndj is being used (for example, MICRO CARD® or 
GEMPLUS® cards) and die amount of msmxy available on the particular 
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card One skilled in the art would readily recognize that the information 
stored on the card may be stored in other conjBguradons without materially 
modifying the scope and spirit of flie present inventioa For exanple, the 
number of questions may be varied without materially changing the invention 
5 QUESTIONS AND ANSWERS USED FOR IDENTTFICATION 
VERIFICATION 

A saies of questions are posed in a consistent format, and the 
answers are recorded to identify a particular user. For exanq^le, one question 
the user mi^t be asked is: "What is your favorite color?" The user should 

10 respond with a text string entiy vAich matches the prerecorded answer. 
Thereftjre if the user responds: "Blue", but the answer was prerecorded as 
"B@L$U*E!", the response will be incorrect and, depending cm the value set 
in the retiy counter, the user m^ be denied access or allowed to answer 
another question One embodiment of the present invention uses fifteen 

15 questions to identify die usCT. Sudi an s^oadi reduces die diance an 
unauthorized user can acquire the connect respcHises through surreptitious 
means. It should be obvious diat any subcombination of the fifteen questicms 
m^ be used for identificaticm purposes. In one embodimait of the presoit 
invention, a random number gen^ator decides the number of questions, to ask 

20 (minimum three), and the particular questions selected However, it is clear 
that die number of questions and their selection process may be altered 
widiout materially altaing die scope of die present inventioa 
INITIALIZAnON OF THE SECURE COMPUTER SYSTEM 

FIGURE 7 shows a flow diagram detailing the procedure by 

25 which the present invention acquires control of the computer for user 

identification and verification purposes upon an initialization such as power 
vp, clear, or warm boot reset. Those skilled in die ait will readily q)predate 
diat minor modifications to die order or exact inplementation of the following 
steps will not materially modify either die scq)e or spirit of the present 

30 inventioa Upon initialization, at step 704 die standard computer BIOS will 
qu^ die computer system to detmnine die present configuration of die 
system Processor 220 is programmed to momtor and save BIOS routine calls 
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made by the secure conpiter system's BIOS during step 704. Control ASIC 
230 assists processor 220 in monitoring and memorizing the BIOS routine 
calls. The memorized calls are then used as a ten5)late for conparison 
pmposes to ensure that subsequent reboot of the conqDuter system with the 
5 standard operating system conforms with the initial pattern. Such a check 
verifies that the system BIOS is, indeed, in control of the subsequent reboot 
process. This prevents loading of another system BIOS to bypass the security 
system in order to access sensitive Hat?^ 

As detailed above, the hardware present on card reader 

10 interface board 109 is designed to simulate the presence of a hard drive. At 
initialization, CPU 290 executes the standard BIOS routine of loading the first 
"one and/or two sectors" &am the C: drive. Card reader interface board 109 
intercepts the read issued by GPU 290 and directs it to ROM 280. As is 
illustrated in FIGURE 6, ROM 280 contains loader program code 610. 

15 HiCTeforc the first one or two sectors of the"C: drive" are read fi-om ROM 
280. (Whether one or two sectors arc loaded depends on flie type of CPU 
290, speed of CPU 290, and type of BIOS used by the conyuter systan.) 
Lx)ader program code 610 is then executed by CPU 290 to retrieve, at 709, the 
remaining "sectors" of ROM 280. Those sectors contain a vmfication 

20 program (620 of FIGURE 6) used to verify the authorization of the user to 
access the system. Control ASIC 230 monitcffs the loading process, informing 
processor 220 at step 712 when the last byte of code is loaded into CPU 290 
so that processor 220 is aware that the verification program is about to 
execute on CPU 290. Processor 220 then generates, at step 713, unsolicited 

25 card status fix)m card reader 111. Meanv^irile, at 714, CPU 290 executes 
verification program 620. When unsolicited card status has beai retrieved, 
processor 220 instructs control ASIC 230 to connect processor 220 to system 
bus 292 via data steering network 240, CE 270, and hard drive conlroller 
logic 710 (step 721). Processor 220 thai transmits the status of card reader 

30 1 1 1 to CPU 290, howBVCT, Ae verification program will loop until unsolicited 
card status is received fitrai processor 220 (step 722). 



wo 95/24696 



PCTAJS95/02579 



21 

USER AUTHORIZATION VERIFICATION PROCEDURE 

At this pdnt, the processor 220 is actually controlliiig system 
bus 292 using handshaking lines, yet processor 220 is responding to requests 
made by CPU 290 throughout the execution of the verification program CPU 
5 290 receives an intemq)t indicating that a card was inserted, and whether a 
conductive card is present (steps 724 and 728). If no card is present, then a 
message to "insert card" is flashed to the operator on display 105 (step 726). 
If the card 1 15 is conductive, then the system bus 292 is fi*ozien and the 
VCTification process is tmninated (step 736). If the card 1 15 is 

10 nonconductive, then power is qplied to the card reader 1 1 1 {stop 729). Upon 
powenp, the card 1 15 issues an unsolicited reset message which is transferred 
to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader 
1 1 1 by holding the RST signal (224 of RGURE 3) low (active) for a 
specified time as defined by ISO 7816-3, and then raises the signal to indicate 

15 end of reset to card 115. Card 115 issues a reset message to processor 220 
via card reader 111 which identifies v4iether the type of card being used is 
MICRO CARD® or GEMPLUS® (per ISO 7816, MICRO CARD® and 
GEMPLUS® Technical Manuals) (step 734). If the card 1 15 is not an 
acceptable card, then processor 220 fi-eezes the system bus 292 and terminates 

20 the authOTization process (step 736). If the card is accepted as potentially 
valid then the verification program detemrines if the card was issued by the 
correct issuing ofiSce (step 742). The e>qpiration date is also retrieved fi"om 
the card by processor 220, but must be scat to GPU 290 because processor 
220 does not have a clodc/calendar to compare the expiration date (step 744). 

25 If either of the tests in steps 742 or 744 foil, then system bus 292 is fiozen by 
processor 220 and tiie verification process is stqH)ed (step 736). If the card 
115 meets the previous tests, tiien CPU 290 instructs processor 220 to read 
several questions and Aeir associated comet responses fi-om the card 1 15 and 
load them into RAM 260 (step 746). In one embodiment of the present 

30 invention, tfie answers are stored in the secure area of RAM 260 and the 
questions, vMch are nonsoisitive, are stored in the open area of RAM 260. 
The user is tiien queried for responses to questions read fi*om card 1 15 and 
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must answer the questions conwtly to gain access to the conputer. The first 
question is displayed to the user (step 748), an operator response is received 
by CPU 290, formatted, soit to processor 220, and conq)ared by processor 
220 with the answCTS stored m Ae secure space of RAM 260 (steps 752 and 
5 754). A retry counter located in processor 220 is incremented each time an 
error is made in answering the questions, and is preprogrammed by the 
security administrator to terminate the verification program if the number of 
erroneous responses exceeds the preprogrammed value (steps 758 and 736). 
This protection is installed to prevmt an unauthorized user of a card fi'om 

10 rq^eated guesses of the correct answers to the posed questions. 

After the last question is asked (step 762) the DES encryption 
key is calculated (step 764). In one embodiment of the present invention, the 
key is calculated using user unique binary infomGtation stored on the card 1 15 
and in the RAM 260. Ihis allows the program to calculate unique keys even 

15 if the key goieration equation is identical fi-om user to user, since the iiqjuts 
identifying each user will be depmdent on the answers given by the user, and 
therefore, the calculated key will be unique. Another embodimmt of the 
present invention will have the verification program prompt the user with an 
additional question to assist in the key randomization process. Alternate 

20 embodiments of the present invention could insert such a question at any 
point in the verification program prior to tiie key genCTation step, hi one 
embodiment of the present inv^ition, the key generation algorithm is given by 
the pseudocode shown in TABLE 1: 

25 TABLE 1 
BEGIN: 

read the binary ciata from card 115 associated 
witJi the prerecorded questions and answers; 

reduce the binary value by powers of nine; 
30 store t:he carries generated in a register to form 

a random number; 

exclusive or the random nimber generated in t±ie 
previous step witdi data stored in RAM 260 of secure 
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conputer system 100 to generate 16 strings of 64 bits, 
which will serve as potential keys for encryptions- 
load the sixteen keys into CE 270; 
generate a random number between 1 and 15; 
5 select one of the sixteen keys using the random 

number; 

use that key for encryption purposes; 

END. 

10 However, it will be clear to those skilled in the art that other fonnulas may be 
used without matmally modifying the sjnrit and scope of the presmt 
inventioa 

After the key is generated, it will be loaded, along with an 
encryption table, into the CE 270 (step 772), so that the CE 270 will be ready 

15 for enoyption if the test of the loading is passed (step 774). If the table is 
not loaded comecfly, Am Ae verification program will terminate (step 736). 
If the table is loaded correctly, the processor 220 reviews the entire histoiy of 
the verification sequence (776) to ensure that aU of the required tests have 
passed (778) before connecting the syston bus 292 to CE 270 (782). If, at 

20 778, all required tests have not passed conrectly, the verification program is 
tenninated at step 736. OthCTwise, the CPU 290 will thm boot fix)m hard 
drive 1 13 in order to execute the disk operBtmg system for secure conputer 
100 (step 784). Processor 220 monitors this reboot process using control 
ASIC 230 to monitor the BIOS routine calls to ensure diat the native system 

25 BIOS is propCTiy rebooting the conpiter from hard drive 113 (step 786). If 
any unauthorized accesses are Bttempted, system bus 292 is frozen and the 
verification program terminates (steps 792 and 736). Unauthorized accesses 
include: unauthorized access of peripheral (monitored by bus address monitor 
930 on control ASIC 230), and attenpts to boot from Ae A: instead of C: 

30 drive (monitored by processor 220), (step 788). If no unauthorized accesses 
are detected, the program will allow the user to use disk drive 113 undl Ae 
session is terminated by the user via rraioval of card 115 or system reset (step 
794). Qice the user is dme, systan bus 292 will be frozen and the conqniter 
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100 must be power cycled (to reset conputer 100) before another session can 
take place (step 736). 
ACCESS HIERARCHY 

FIGURE 8 shows one embodiment of a hierarchy of secured 
5 access codes among a midtiuser organization. The present invention teadies a 
hierarchy coding method used to generate families of access codes \^iiich 
permit horizontal and vertical segregation of access codes within an access 
hierarchy. As shown in FIGURE 8, the access code is designed to allow a 
superior of a subordinate user access to the conputer of the subordinate, but 

10 only if the siq^erior has access in the same vertical portion of the user 

hiCTarchy. For exanple, referring to FIGURE 8, user 520 cannot access die 
information on user SlO's conputer (520 is subordinate to 510), but can 
access the infomiation on the con^uters of usgts 522. However, user 520 has 
no access authority over user 550 (no horizontal access privilege), nor does 

15 usCT 520 have access authority over users 552 (lacking vertical commonality). 
A boiefit of sudi organizations of key information is that access may be 
limited in an organized and restricted hierardiy. For ocanple, if somehow 
security is conpromised in the middle branch of FIGURE 8, then the left and 
ri^t branches are not c om p A X^ mi sed 

20 A vast array of uscts may thaefore be accommodated easily 

within the hierarchy shown in FIGURE 8 by dedicating access code words to 
each level. In one such onbodiment, sixty-four (64) bits are allocated to Ac 
access code word describing 510 level, allowing 2^ unique codes at 510 level; 
sbcty-four (64) bits are allocated to the access code word describing level 520, 

25 allowing 2^ unique codes at the 520 level; and sixty-four (64) bits are 
allocated to the access code word describing level 522, aDowing 2^ unique 
codes at the 522 level. Hiese bits may be stored on card 115 in dedicated 
regist^ and assigned by fte security administrate^' during the authorization 
visit 

30 The horizontal separation of users, may be easily attained by 

including an extra question in the list of queries posed and answered during 
the verification program execution. An answ^ could be predrtermined v^ch 
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would be common among all users in a common vertical groiqj, and vAdch 
would segregate them fix>m other users in other votical groips. For exanple, 
each individual vertical ffovp would be identified by a unique, predetemined 
response to the same questioa The response could be mapped to a binary 
5 number, which could serve as a consistent ofiset for purposes of generating 
the access code. For example, if a question asked for a favorite sport, the 
response "golf could be used by all members of a particular vertical groiq) to 
identify their groiq). 

In one raibodiment of the present invention, fifteen (15) 

10 questions are used to identify the user, an extra question is used to identify 
the particular vertical branch of the access tree the user resides. These 
questions are employed to select the DES enayption keys available to tfie 
user. In tfiis way, the DES enayption key questions serve as a fiirtfiar 
randomization of the access code wfaidi is user depoidesiL 

1 5 EssoitiaUy, access information is distributed between the user 

(in the preprogrammed responses generated by that user), the card 115 
(programmed \;^en the individual is given access autfaorify), and RAM 260 
stored on card reader controller board 109. Therefore, in one embodimOTt of 
the invmtion, the access code is a combination of die user, the card, and the 

20 conpiter vMch the user uses. This provides for a hi^ level of security for 
the entire system, and requires that the user be re-authorized by the security 
administrator every time the user's access privileges are lost due to incorrect 
or improper attempted access. In Ais way, security administratOTS can control 
the access attempts by the users since they are informed each time a potmtial 

25 security breach is encountered; users must be re-authorized if the 

idantification informaticHi in RAM 260 is destroyed by attenpted unaudiorized 
access. 

DESTRUCnON OF DATA 

Logical destruction of the data resident on the various memory 
30 storage devices found on tiie conputer system may be prqjrpgrammed to 
occur B&ex a fixed number of fiiiled attenpted accesses (see FIGURE 7 
discussion of retiy counter, step 758). In one onbodiment, board 109 goes 
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further and freezes the system bus 292 to prevent unauthorized retrieval of 
sensitive information following detection of a potential security breach. The 
data stored in hard drive 1 13 is logically destroyed vAim tfie DES encryption 
key is erased since the key cannot be reconstructed by the intruder. 

5 Therefore, if the k^ information m RAM 260 is destroyed, it is equivalent to 
rmdering the data stored in hard drive 1 13 logically destroyed, since without 
the encryption key it is undeciphoable. hi one embodiment of the presmt 
invention, the DES key kernel information stored on RAM 260 is destroyed 
by clearing RAM 260 using an algorithm executed by processor 220 upon 

0 detection of attempted unauthorized access, or by grounding the power pin of 
RAM 260 using transistor circuit 210 as described in die section LOGICAL & 
PHYSICAL DESTRUCT HARDWARE, above. A further hurdle requires that 
any user whose card 115 is invaUdated by unaudiorized access visit the 
security administrator to get Aeh: card reinstated Physical destruction of the 

S data storage media is also possible by asserting physical destruct signal 212 
goierated by control ASIC 230 under control of processor 220 in the event of 
a breach, triggering destruct package 213 designed to physically destroy the 
hard drive 1 1 3 and RAM 260. 

Alternate embodiments of the destruction means of the present 

3 invention are also possible. In one embodiment, the selection of destniction 
means and the process by vMch the destruction methods are invoked are 
programmed by altering the code in die internal ROM of processor 220 or by 
varying the value of retries allowable on the register of card 1 1 5. Therefore, 
one embodiment of the present invention is not limiting and does not 

> materially limit the scope of the present inventioa 

FIGURE 9 illustrates one embodiment of die presmt invention 
showing a card reader recq>tacle 820 mounted with a hard drive 810 to 
facilitate physical mounting of the card reader and a resident hard drive. For 
exanple, a hard drive 113 can be co-located wifli a card reader 111 to form a 

) single unit can^msing a secured disk drive as shown in FIGURE 9. This 
mounting schme illustrates only one of scvml possible oiibodiments of the 
mechanical mounting of die card reado* receptacle 820 in the preset 
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inventioa Other embodiments Olustrating the mech^ 

reader receptacle 820 are possible without materially modifying the scope of 

the present inventioa 

Those skilled in the art will readily see that the presmt 
5 invention ofifers several benefits over other devices including but not limited 
to the ability of one embodiment to provide three levels of conputer security. 
For instance, one embodiment of the present invaition provides security in 
three distinct ways: 

(1) immediately asserting control of the conputer systan upon 

10 initialization in the form of preboot protection, since the card reader interfece 
board simulates the C: drive loader code before an intruder can intemq)t the 
systmi and thereby immediately takes control of the CPU; 

(2) after preboot control is acquired a user verificatian program is 
executed to ensure that tfie user is audiorized to access the cmspotsx; and 

15 (3) ongoing monitoring of conputer activity as the con:q>uter systoii is 

in use, to detect attempted unauthorized accesses using a bus address monitor 
and destroy smsitive program and enoyption key information before an 
intrude can break into the system. 

Those skilled in the art will readily appredate that the scope of 

20 the present invention is not restricted to securing personal conqjutCTs, but may 
be extended to securing other types of conputer systems (larger or smalls) or 
specific peripherals of both small and large cortputer systems. Additionally, 
the present invoition may be employed to secure the digital Hat^ stared on 
any system which stores sensitive digital informatioa 

25 The present invention discloses the use of the card reader 

interface board 109 in conjunction with hard drive 1 13. It should be apparent, 
however, that the same type of security could be ^lied advantageously to 
control the contoits of other nonvolatile memoiy sudi as a contact disc (CD) 
ROM system. Personal Conputer Mmioiy Card International Association card 

30 (PCMCIA card), or streaming t^ backup unit Indeed, the present invaition 
can be appUed advantageously to control access to any peripheral which could 
be connected to a compater system. For instance, the jiresent inventiOTi could 
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be ^lied to secure subsections of mass storage devices, such as partitioned 
hard drives or PBX switches. Alternate encryption mediods, larger or smaller 
data and address buses, alternate integrated circuit cards and readers, and 
modifications to the control algorithms enqDloyed in flie present invention may 
5 also be used without materially altering the scope and spirit of present 
inventioa 

It is to be understood, however, that even thou^ numCTOus 
characteristics and advantages of the invention have been set forth in the 
foregoing description, together with details of the structure and function of the 
10 invention, the disclosure is illustrative only, and changes may be made in 
detail, especially mattos of shape, size, and arrangemOTt of parts within the 
principles of the invention, to the fiill extent indicated by the broad geuCTal 
meaning of the tarns in which the ^>pended claims are e>q}ressed 
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What is claimed is: 

1. A method of operating a conpiter, conprising the steps of: 
a) prior to boot, acquiring control of the CPU; 

5 b) loading a verification program; 

c) verifying that the user is authorized using the verification program; 

d) prohibiting access to the conputer if the user is not authorized; 

and 

e) providing access to the conputer if the user is authorizjed, 
10 conprising the steps of 

1) monitoring bus accesses to detect if a user is attenpting to 
read or write to an unauthorized peripheral; and 

2) destroying memoiy contents if unauthorized attenpts at 
access are detected 

15 

2. A method of protecting inforaiation stored in nonvolatile memoiy of a 
conputer systrafi having a system bus, conprising the steps of: 

a) providing a plurality of sources of identification information for 
identifying an authorized user; 
20 b) restricting access to the conputer system by the steps of 

1) performing preboot control of the conputer, 

2) loading a verification program; 

3) reading identification infomiation fi-om the plurality of 
sources; 

25 4) comparing the identification inforaiation read fi*om the 

plurality of sources to vmfy the authorization of the user, 
c) if the user is an authorized user, providing access to the conputer 
by the stqDS of 

1) allowing access to the conputer system; 
30 2) constructing an oicrypticxi key fi^om the plurality of 

sources; and 
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3) encrypting the information stored in the nonvolatile 
memory using the cxmstructed encryption key, and 
d) if the user is not authorized, freezing the system bus such that 
another attenpt to access tiie conputer system requires a powerdown 
5 to reset the conputer system. 

3. The method according to claim 2, wiierein the step of providing a 
plurality of sources includes the step of {providing identification information 
from an integrated circuit card, identification information input from a user, 

10 and identification information resident in the con:5)uter systrai 

4. A method of protecting information stored in nonvolatile memory of a 
conputer systrai, the conpiter systrai having a central processing unit 
(CPU), the mefliod coopising tfie steps of: 

15 a) providing a conpiter system wiA an intaface board 

resident verification program and a loader program for loading the verification 
program; 

b) restricting access to Ae nonvolatile memory, \?^CTein the step of 
restricting access includes die steps of 
20 1) controlling the con^Duter system central processing unit 

(CPU) during initialization and prior to booting the coirputer, wherein 
the step of controlling con^jrises the steps of 

a monitoring and storing BIOS calls made by the CPU 
during the loading of the voification program; 
25 b. initiating an initialization of the computer system; 

c. simulating a boot disk such that the CPU loads the 
loader program; 

d executing die loader program; 
e. loadiiig the verification program; and 
30 f executiiig the verification program, wherein said 

program verifies the idmtity of tiie usct; and 
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2) if the user is verified as an authorized user, allowing access 
by the stqps of: 

a providing access to the ncMivoIatile memory; 

b. booting the computer system fi-om the nonvolatile 
monoiy; 

c. monitoring and storing BIOS calls made by the CPU 
during the booting step; and 

d detecting logical accesses which could con^romise 
the security of information stored in the nonvolatile memory, 
wherein the step of detecting logical accesses includes the steps 
of 

1. ccxxparirig BIOS calls stored during the 
loading step with BIOS calls generated during the 
bootiiig step; and 

2. if BIOS calls do not matdi, fi:e^ing the 
system bus, requiring a powCT cycle of the conputer 
system to reset the con:5)uter system 

5. Hie method of claim 4, \dierein ttie method further comprises the 
20 steps of 

constmcting a unique endyption key obtained fi-om a plurality of 
sources; and 

encrypting information stored to the nonvolatile memoiy using the 
encryption key; 

25 and A^erein the step 4.2.d2 of fiieezing the system bus conpises the 

step of logically destroying the data stored in the nonvolatile memory by 
destroying the eooyption key. 

6. The method of claim 4, vhsidn the stq> 4.2.d2 of fi^ezing the system 
30 bus conqmses the step of pl^ically destroying the nonvolatile memory, 

diereby destroying tiie data stored in the nonvolatile memory. 



10 
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7, The method of claim 4 \^4ierein Ae stq) of detecring unauthorized 
logical accesses con^ses detecting unauthorized peripheral accesses. 

8. A secure conputer system for controlling a user's access to 

5 confidential infomiation stored in nonvolatile memory, the system conqjrising: 

a) a system bus; 

b) a central processing unit (CPU); 

c) an identification card, containing identification information for 
identifying authorized users of the computer system; 

10 d) a card reader for reading identification ixiformation fi-om the 

identification card; and 

e) a card reader interface, connected to the system bus, wherein the 
interface operates to assume control of the CPU upon initiahzation of the 
conputer system, the interface conqnising 

1^ 1) a dedicated data bus for comniunicatioiis \vitfi the 

nonvolatile memoiy; 

2) a dedicated data bus for communications with fhe card 
reader, 

3) a vaification program to be executed by the CPU for 
20 limiting access to the nonvolatile memoiy to only authorized users; 

4) a memory storage device fcM" storing user-specific 
information; 

5) an enayption system v^ch encrypts the data stored to tiie 
nonvolatile mraioiy using an raoyption key constructed fi-om data on 

25 fhe identification card, data in tfie memory storage device, and iiq>uts 

fi'om the user; 

6) an iq)ut/output bus address monitor circuit for detectmg 
attenpts to bypass the verification program; and 

7) a monory erasing circuit for destroying oicryption key 
30 mformation stored in flie meoioiy storage device if an unauthorized 

access is detected fay the inter&ce. 
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9. A method for protecting information stored in nonvolatile n^moiy of a 
conputer, the method conprising the steps of: 

a) providing means for interfacing an irifonnation bearing card to the 
conputer; 

5 b) storing individualized questions and answers \^ch uniquely 

identify a user on the information bearing card; 

c) reading identification information and card information from the 
information bearing card; 

d) executing a verification routine xspon initialization in order to 
10 determine whether the user is authorized to gain access to the j)rotected 

inforaiarion stored in die nonvolatile memoiy, wherein the verification routine 
conqsrises asking the user the individualized questions and conparing answers 
received against the stored answers; and 

e) iftheusercorrecdy answers the questions, peraiitting access to 
15 portions of the protected information stored in the nonvolatile memory. 

10. The method according to daim 9, fiirtho- comprising the step of: if the 
user does not correcdy answer the questions, fi:eezing the conput^ and 
requiring that the con^juter power be cycled to reset the connputer. 

20 

1 1. The ix^od according to* claim 9 fiirtfaer conpising the step of 
programming the information bearing card with individualized access privilege 
information to identify vAdch nonvolatile memory devices the user is 
privileged to access. 

25 

12. The method according to claim 9, wherein the step of permitting 
access comprises the steps of 

a) verifying that die user is privileged to access the infcwmation stared 
in a first storage device; and 
30 b) if the user is privileged to access the information stored in the first 

storage device, pemiitting access to the protected information stored on tiie 
first storage device. 
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13. The method according to claim 1 1 further conpising the step of if the 
user attempts to access infomiation from an uipivileged storage device, 
freezing the computet and forcing the user to reset the conputer system and 
begin authorization verification again. 

5 

14. The method according to claim 9, wherein the step of reading further 
conpises the step of: incrementing a retiy counter if the user incorrectly 
answers a question, and waiting for a subsequent user response if the retry 
counter has not reached a predetermined value, otherwise temiinating the 

10 authorization procedure. 

15. The method according to claim 9, wherein the step of reading further 
conpises the steps of: 

a) reading a card identification code from the card indicating card 

15 type; 

b) determining a card type fitMn the card identification code; and 

c) if die card is a maintenance card, allowing a user access to the 
conpiter for maintmance purposes, without allowing access to the nonvolatile 
memory of flie conpjter. 

20 

16. A secure compOsr providing for tfie COTtroUed access of internal 
devices via a card reader, the conqxiter con^sing: 

a user input device; 

a card reader; 
25 a screen display, 

a central processing unit (CPU); 

a device containing non-volatile CPU pi ogi^ am code; 

a CPU systOTi boot ROM; 

a plurality of peripheral devices; 
30 a system data bus; 
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a microprocessQr for writing and reading inforaiation to and from a 
card placed in the card reader, the microprocessor and the CPU 
connected through a dedicated data bus; 
an encryption engine; 
5 a volatDe monory device for storing data retrieved from the card by 

the microprocessor; 

said O^U system boot ROM including code for instructing the CPU to 
start executing the CPU program code in the device so that the CPU 
program code in the device takes over control of the CPU, so that 
10 i5X)n a power-up, clear, or warm-boot reset of the con^uter the CPU 

program code in the device obtains control of the CPU; and 

said CPU responsive to said CPU program code, to perform an 
authorization voificadon procedure ccHipising the steps of: 

a) instructing ^e microprDcessor to read a card placed in 
IS the card reader by a user and obtain at least one 

question from a list of questions stored in the card; 

b) displaying the question to the user on the screen display, 
and waiting for a response from the user on the inpat 
device; 

20 c) passing the response to the miaoprocessor and the 

microprocessor conparing at least one user response to 
a list of correct answers stored on the card; 

d) receiving the results of the conparison by the 
microprocessor and aUowing access to the conputer if at 

25 least one user response matches a conresponding correct 

answer; 

e) generating an enciypticm key from data on tfie card, data 
stored in the volatile memory device, and responses 
received by the user; and 

30 f) maypting all data stored to die plurality of peripherals 

using the enayption key. 
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17. The conputer of claim 16 finther conqmsing: 

a security circuit for monitoring attenpted unauthorized accesses of the 
conputer; and 

a logical destrudt circuit, connected to the security circuit, for 
5 destroying data in the volatile memory device if unauthorized access is 
detected by at least one of the microprocessor and the security circuit; 
and wherein the microprocessor perfomis the steps conpising: 

monitoring and storing CPU BIOS routine calls during the 
authorization verification procedure; 
10 monitoring and conparing the CPU BIOS routine calls during 

the rebooting process to detect control of the s>^tem data bus by 
another program; and 

if the BIOS calls stored during the audiorization verification 
procedure do not match the BIOS calls monitored during the rebooting 
15 process, then logically destroying the data in the volatile memory 

device; and 

whCTein tfie CPU perfOTms the additional step of incrementing 
the value of a retry counter if the user incorrectly answers a question, 
and waiting for a siibsequait user response if the value of the retry 
20 counter is less than a predetermined value, otherwise tmrinadng the 

audiorization procedure. 

18. The conputer of claim 17 vAicmn the computer fintho: conpises one 
or more physical destruct mechanisms logically connected to the 

25 miCToprocessor for physically destroying data on at least one of the plurality 
of peripheral devices. 

19. The computer of claim 17 fiirther conpising a physical destruct 
output and physical destmct package, the output for triggmng the physical 

30 destruction of the secure computer by computer control upm detected 
att^rpted unauthorized access. 
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20. The (xmspatcr of claim 1 7 wherein flie key information is generated 
from data stored on the card, in the volatile memoiy device, and firan 
responses entered in by a user during flie verification procedure. 
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